{"id":13645521,"url":"https://github.com/minio/sio","last_synced_at":"2025-06-20T11:43:23.107Z","repository":{"id":47798799,"uuid":"100655899","full_name":"minio/sio","owner":"minio","description":"Go implementation of the Data At Rest Encryption (DARE) format.","archived":false,"fork":false,"pushed_at":"2024-08-31T13:18:40.000Z","size":133,"stargazers_count":372,"open_issues_count":5,"forks_count":56,"subscribers_count":32,"default_branch":"master","last_synced_at":"2025-04-21T14:31:44.560Z","etag":null,"topics":["ciphertext","encrypted-data","encryption","encryption-library"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/minio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-08-18T00:17:47.000Z","updated_at":"2025-04-17T19:37:37.000Z","dependencies_parsed_at":"2023-02-16T18:32:16.451Z","dependency_job_id":"72335f56-106f-4717-8efc-bf6c7d41b78f","html_url":"https://github.com/minio/sio","commit_stats":null,"previous_names":["minio/aead"],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/minio/sio","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/minio%2Fsio","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/minio%2Fsio/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/minio%2Fsio/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/minio%2Fsio/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/minio","download_url":"https://codeload.github.com/minio/sio/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/minio%2Fsio/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260940288,"owners_count":23086292,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ciphertext","encrypted-data","encryption","encryption-library"],"created_at":"2024-08-02T01:02:36.465Z","updated_at":"2025-06-20T11:43:18.092Z","avatar_url":"https://github.com/minio.png","language":"Go","readme":"[![Godoc Reference](https://godoc.org/github.com/minio/sio?status.svg)](https://godoc.org/github.com/minio/sio)\n[![Travis CI](https://travis-ci.org/minio/sio.svg?branch=master)](https://travis-ci.org/minio/sio)\n[![Go Report Card](https://goreportcard.com/badge/minio/sio)](https://goreportcard.com/report/minio/sio)\n\n# Secure IO\n## Go implementation of the Data At Rest Encryption (DARE) format.\n\n## Introduction\n\nIt is a common problem to store data securely - especially on untrusted remote storage. \nOne solution to this problem is cryptography. Before data is stored it is encrypted\nto ensure that the data is confidential. Unfortunately encrypting data is not enough to\nprevent more sophisticated attacks. Anyone who has access to the stored data can try to\nmanipulate the data - even if the data is encrypted.\n\nTo prevent these kinds of attacks the data must be encrypted in a tamper-resistant way.\nThis means an attacker should not be able to:\n - Read the stored data - this is achieved by modern encryption algorithms.\n - Modify the data by changing parts of the encrypted data.\n - Rearrange or reorder parts of the encrypted data. \n\nAuthenticated encryption schemes (AE) - like AES-GCM or ChaCha20-Poly1305 - encrypt and\nauthenticate data. Any modification to the encrypted data (ciphertext) is detected while\ndecrypting the data. But even an AE scheme alone is not sufficiently enough to prevent all\nkinds of data manipulation.\n\nAll modern AE schemes produce an authentication tag which is verified after the ciphertext\nis decrypted. If a large amount of data is decrypted it is not always possible to buffer\nall decrypted data until the authentication tag is verified. Returning unauthenticated \ndata has the same issues like encrypting data without authentication.\n\nSplitting the data into small chunks fixes the problem of deferred authentication checks\nbut introduces a new one. The chunks can be reordered - e.g. exchanging chunk 1 and 2 - \nbecause every chunk is encrypted separately. Therefore the order of the chunks must be\nencoded somehow into the chunks itself to be able to detect rearranging any number of \nchunks.     \n\nThis project specifies a [format](https://github.com/minio/sio/blob/master/DARE.md) for \nen/decrypting an arbitrary data stream and gives some [recommendations](https://github.com/minio/sio/blob/master/DARE.md#appendices)\nabout how to use and implement data at rest encryption (DARE). Additionally this project\nprovides a reference implementation in Go.  \n\n## Applications\n\nDARE is designed with simplicity and efficiency in mind. It combines modern AE schemes\nwith a very simple reorder protection mechanism to build a tamper-resistant encryption\nscheme. DARE can be used to encrypt files, backups and even large object storage systems.\n\nIts main properties are:\n - Security and high performance by relying on modern AEAD ciphers\n - Small overhead - encryption increases the amount of data by ~0.05%\n - Support for long data streams - up to 256 TB under the same key  \n - Random access - arbitrary sequences / ranges can be decrypted independently\n\n**Install:** `go get -u github.com/minio/sio`\n\nDARE and `github.com/minio/sio` are finalized and can be used in production.\n\nWe also provide a CLI tool to en/decrypt arbitrary data streams directly from\nyour command line:\n\n**Install ncrypt:** `go get -u github.com/minio/sio/cmd/ncrypt \u0026\u0026 ncrypt -h`\n\n## Performance\n\nCipher            |   8 KB   |   64 KB   |   512 KB  |  1 MB\n----------------- | -------- | --------- | --------- | --------\nAES_256_GCM       |  90 MB/s | 1.96 GB/s | 2.64 GB/s | 2.83 GB/s\nCHACHA20_POLY1305 |  97 MB/s | 1.23 GB/s | 1.54 GB/s | 1.57 GB/s\n\n*On i7-6500U 2 x 2.5 GHz | Linux 4.10.0-32-generic | Go 1.8.3 | AES-NI \u0026 AVX2*","funding_links":[],"categories":["Encryption","Go"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fminio%2Fsio","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fminio%2Fsio","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fminio%2Fsio/lists"}